FirefoxOS/New security model: Difference between revisions

FirefoxOS/New security model (view source)

97 bytes added , 8 July 2015

canmove, Confirmed users

1,220

edits

@@ Line 165: / Line 165: @@
 </bugzilla>
-=== Origins and cookie jars ===
+=== Origins and cookie jars - {{Bug|1153435}} ===
-** [META] Tracking bug for Origins and Cookie Jars implementation of New Security Model {{Bug|1153435}}
+** [META] Tracking bug for Origins and Cookie Jars implementation of New Security Model
 The biggest change here is that we should stop always using different cookie jars for different apps. In particular normal unsigned content should always use the same cookie jar no matter which app it belongs to.
-Bug XXX - define app identifier for use in origin attributes
 However signed packages will get their own cookie jars. So a signed package will not share cookies, IndexedDB data, etc with unsigned content from the same domain. It will also not share data with other signed packages from the same domain. This is to ensure that unsigned content from the same domain can't read for example sensitive data that the signed content has cached in IndexedDB.
@@ Line 194: / Line 192: @@
 ♦ '''Issue:''' Figure out exactly what field to use to indicate which signed package a principal belongs to.
+<bugzilla>
+  {
+    "blocks": 1153435,
+    "include_fields": "id, priority, summary, status, assigned_to,resolution",
+    "order": "bug_id"
+  }
+</bugzilla>